You are here: RCS installation > Concepts > All-in-One architecture components

All-in-One architecture components

Introduction

RCS is installed at the operating center and proprietary authority's tapping rooms. It can come with special devices (hardware and software) installed at remote organizations such as Internet providers or remote servers. RCS can be installed in All-In-One or Distributed architecture.

All-In-One architecture layout

All-in-One architecture includes RCS installed on a single server. The logical architecture layout is provided below:

Figure 1: All-In-One RCS architecture: logical layout

All-in-One RCS architecture components

Architecture components are provided below:

Component Function Installation
Agent

Software bugs tap and communicate the investigation target's data and information to an Anonymizer or, if not installed, directly to Collectors.

  • target devices
  • data sources

Anonymizing chain

Anonymizer

(optional) geographically distributed Anonymizer groups that guarantee Collector anonymity and redirect collected data to protect servers from remote attacks. It transfers agent data to servers. Several Anonymizers can be set up in a chain to increase the level of protection. Each chain leads to one Collector.

VPS (Virtual Private Server)
Collector

RCS server component that collects agent data either directly or through the Anonymizer chain.

RCS server
Firewall

Optional but highly recommended, it protects the trusted environment were data is processed and saved from the untrusted environment where data is collected.

RCS server
RCS console

Setup, monitoring and analysis console used by operating center workers.

  • RCS server
  • internal network
Master Node

Heart of the RCS server, it manages data flows, component status and includes the first Shard database. It includes the Worker service to decode data before saving it in the database.

RCS server
Network Controller

(optional) RCS server component, sends settings to Network Injector, Anonymizer chains and constantly acquires their status.

RCS server
Network Injector

(optional) Fixed hardware component (Appliance) or notebook (Tactical), it runs sniffing and injection operations on the target's HTTP connections.

  • ISP
  • Wired or Wireless LAN (homes, hotel)
Target

Investigation targets. Each device owned by the target is a data source and can be monitored by an agent.

-

RCS8.2 | User's and Installation Guide | © COPYRIGHT 2012